#!/bin/bash

# PROXYPASS=foo\@bar.corp:Start1
# PROXYURL=http://$PROXYPASS@$PROXY/

# Copyright Mathias Kettner 2010
# http://mathias-kettner.de

# This script checks web servers by retrieving URLs. Usually
# you would use check_http, but that has some limitations when
# working through proxies.
#
# This script uses curl for retrieving urls and works well through
# proxies. It either checks if the page can be retrieved or optionally
# if the page contains a text.
#
# Usage: check_proxy [-P PROXYUSER:PROXYPASSWORD PROXYURL] URL [ TEXT ]
#
# -P    use proxy, parameters are set in this script
# URL   http, https or ftp url
# TEXT  optional text to be searched in result page

curl_codes() {
    cat <<HERE
1      Unsupported protocol. This build of curl has no support for this protocol.
2      Failed to initialize.
3      URL malformat. The syntax was not correct.
5      Couldn't  resolve  proxy.  The  given  proxy  host  could not be resolved.
6      Couldn't resolve host. The given remote host was not resolved.
7      Failed to connect to host.
8      FTP weird server reply.  The  server  sent  data  curl  couldn't parse.
9      FTP  access  denied. The server denied login or denied access to the particular resource or directory you wanted to  reach.  Most often  you  tried to change to a directory that doesn't exist on the server.
11     FTP weird PASS reply. Curl couldn't parse the reply sent to  the PASS request.
13     FTP  weird PASV reply, Curl couldn't parse the reply sent to the PASV request.
14     FTP weird 227 format.  Curl  couldn't  parse  the  227-line  the server sent.
15     FTP  can't  get host. Couldn't resolve the host IP we got in the 227-line.
17     FTP couldn't set binary.  Couldn't  change  transfer  method  to binary.
18     Partial file. Only a part of the file was transferred.
19     FTP  couldn't download/access the given file, the RETR (or similar) command failed.
21     FTP quote error. A quote command returned error from the server.
22     HTTP  page  not  retrieved.  The  requested url was not found or returned another error with the HTTP error  code  being  400  or above. This return code only appears if -f/--fail is used.
23     Write  error.  Curl couldn't write data to a local filesystem or similar.
25     FTP couldn't STOR file. The server denied  the  STOR  operation, used for FTP uploading.
26     Read error. Various reading problems.
27     Out of memory. A memory allocation request failed.
28     Operation  timeout.  The  specified  time-out period was reached according to the conditions.
30     FTP PORT failed. The PORT command failed. Not  all  FTP  servers support  the  PORT  command,  try  doing  a  transfer using PASV instead!
31     FTP couldn't use REST. The REST command failed. This command  is used for resumed FTP transfers.
33     HTTP range error. The range "command" didn't work.
34     HTTP post error. Internal post-request generation error.
35     SSL connect error. The SSL handshaking failed.
36     FTP  bad  download  resume. Couldn't continue an earlier aborted download.
37     FILE couldn't read file. Failed to open the file. Permissions?
38     LDAP cannot bind. LDAP bind operation failed.
39     LDAP search failed.
41     Function not found. A required LDAP function was not found.
42     Aborted by callback. An application told curl to abort the operation.
43     Internal error. A function was called with a bad parameter.
45     Interface  error.  A  specified  outgoing interface could not be used.
47     Too many redirects. When following redirects, curl hit the maximum amount.
48     Unknown TELNET option specified.
49     Malformed telnet option.
51     The peer's SSL certificate or SSH MD5 fingerprint was not ok
52     The  server  didn't  reply anything, which here is considered an error.
53     SSL crypto engine not found
54     Cannot set SSL crypto engine as default
55     Failed sending network data
56     Failure in receiving network data
58     Problem with the local certificate
59     Couldn't use specified SSL cipher
60     Peer certificate cannot be authenticated with known CA  certificates
61     Unrecognized transfer encoding
62     Invalid LDAP URL
63     Maximum file size exceeded
64     Requested FTP SSL level failed
65     Sending the data requires a rewind that failed
66     Failed to initialise SSL Engine
67     User,  password  or  similar was not accepted and curl failed to login
68     File not found on TFTP server
69     Permission problem on TFTP server
70     Out of disk space on TFTP server
71     Illegal TFTP operation
72     Unknown TFTP transfer ID
73     File already exists (TFTP)
74     No such user (TFTP)
75     Character conversion failed
76     Character conversion functions required
77     Problem with reading the SSL CA cert (path? access rights?)
78     The resource referenced in the URL does not exist
79     An unspecified error occurred during the SSH session
80     Failed to shut down the SSL connection
82     Could not load CRL file,  missing  or  wrong  format  (added  in 7.19.0)
83     Issuer check failed (added in 7.19.0)
HERE
}

curl_error() {
    curl_codes | while read -r code text; do
        if [ "$code" = "$1" ]; then
            echo "$text"
            return
        fi
    done
}

if [ "$1" = -P ]; then
    PROXYPASS=$2
    PROXYURL=$3
    PROXYOPTIONS="--proxy-basic --proxy-user $PROXYPASS --proxy $PROXYURL"
    shift
    shift
    shift
else
    PROXYOPTIONS=
fi

if [ "$1" = -NTLM ]; then
    NTLM=" --ntlm --negotiate -u $2 "
    shift
    shift
else
    NTLM=
fi
URL=$1
PURL=$(echo "$URL" | awk -F "/" '{print $1"//"$3}')

if [ -z "$URL" ]; then
    echo "Usage: [-P PROXYUSER:PROXYPASS PROXYURL] [-NTLM NTLM_USER:NTLM_PASSWORD] URL [SEARCHTEXT]"
    exit 3
fi

CONTENT=$2

# CURL="curl -A """Mozilla/4.0 (compatible; MSIE 6.0;)""" --silent --fail --insecure $PROXYOPTIONS $URL"
# CURL="curl -A Mozilla/4.0 (compatible; MSIE 6.0;) --silent --fail --insecure $PROXYOPTIONS $URL"
# CURL="curl  --silent --fail --insecure $PROXYOPTIONS $URL"
if [ "$CONTENT" ]; then
    # if $CURL 2>&1 | fgrep -q "$CONTENT"
    # shellcheck disable=SC2086 # Yes, we want splitting for NTLM and PROXYOPTIONS.
    if curl $NTLM -A "Mozilla/4.0 (compatible; MSIE 6.0;)" --silent --fail --insecure $PROXYOPTIONS "$URL" 2>&1 | grep -F -q "$CONTENT"; then
        echo "OK - $PURL found '$CONTENT' in answer"
        exit 0
    else
        exitcode=${PIPESTATUS[0]}
        if [ "$exitcode" != 0 ]; then
            msg=$(curl_error "$exitcode")
            echo "CRIT - $PURL not retrieved, $msg"
            exit 2
        else
            echo "CRIT - $PURL retrieved, but '$CONTENT' not found in page"
            exit 2
        fi
    fi
else
    # OUTPUT=$($CURL >/dev/null 2>&1 | head -n 1 ; exit ${PIPESTATUS[0]})
    # shellcheck disable=SC2034 # OUTPUT appears unused.
    OUTPUT=$(
        # shellcheck disable=SC2086 # Yes, we want splitting for NTLM and PROXYOPTIONS.
        curl $NTLM -A "Mozilla/4.0 (compatible; MSIE 6.0;)" --silent --fail --insecure $PROXYOPTIONS "$URL" >/dev/null 2>&1 | head -n 1
        exit "${PIPESTATUS[0]}"
    )
    exitcode=$?
    if [ "$exitcode" = 0 ]; then
        echo "OK - $PURL retrieved"
        exit 0
    else
        msg=$(curl_error $exitcode)
        echo "CRIT - $PURL not retrieved, $msg"
        exit 2
    fi
fi
